Mailing List Archive

regex with multiple capture groups
Hello,

With a property selector I'm trying to filter a "source"/hostname
property for deciding where the log files go.

My hostnames are of the pattern:
REGION1a-SERVICE1

When naming log directories, I want to drop the "a" within the region
and "1" in the service. In other words, one directory for each service,
and the lettered portion of regions grouped together. (eg,
REGION1-SERVICE, REGION2-SERVICE)

To do this I would normally approach this with a regular expression as,
`([a-z]*[0-9]{0,1})[a-z]{0,1}(-[a-z]*)` and extract/join the two capture
groups `$1$2`. However with the "R,ERE,CaptureGroup,DFLT:<regex>" syntax
there doesn't seem to be a nice way to specify multiple capture groups.

Is there something I'm missing..? Perhaps there's a better way to do it?

The way I've found to get this working is:
$Template
dynFacilityLog,"/logDir/%source:R,ERE,1,DFLT:([a-z]*[0-9]{0,1})[a-z]{0,1}(-[a-z]*)--end%%source:R,ERE,2,DFLT:([a-z]*[0-9]{0,1})[a-z]{0,1}(-[a-z]*)--end%/facility.log"
Which just repeats the source selector twice, specifying the first and
second capture group respectively. But it doesn't feel very efficient.

Also, somewhat related, the online regex tool seems to be broken.. or at
least under-documented as no input i give it seems to return anything
(https://www.rsyslog.com/regex/).

Thanks!
Jordan
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: regex with multiple capture groups [ In reply to ]
take a look at mmnormalize, it's FAR more efficient than regex.

the regex capability is a last-ditch way to manipulate things.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: regex with multiple capture groups [ In reply to ]
Thanks for that. I'll take a look at this module today. I had presumed
the answer might lay in rainer script but this is something to look into!

I have a few thoughts after a very rough look into mmnormalize, those being:
* faster log processing seems to be a big factor in using this module
* the need to install extra packages -- as seems to be the case from
reading https://www.rsyslog.com/normalizer-first-steps-for-mmnormalize/
* whether the actions can be applied to properties like source/hostname
to determine the log file destinations
* compatibility/disturbance to other logging configurations through
adding a normalization step to server.conf

Hopefully I'll find the answers with some more readings/experimentation :)

Cheers,
Jordan

On 5/08/19 5:43 PM, David Lang wrote:
> take a look at mmnormalize, it's FAR more efficient than regex.
>
> the regex capability is a last-ditch way to manipulate things.
>
> David Lang


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.